dependabot-core 0.89.5 → 0.90.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 072d89ceba9a4bef7121feb23ed858ce922cb1f688a23f4c043a9f6f0e1b9d48
-  data.tar.gz: 2a673cbb63589dac0676f1ba7c6e0087f1d97b0ab9c86108f8b8923077f857dc
+  metadata.gz: 16f8747542b4fc3313c1000f962e502ef631ed367803b8230df2f2398d06d443
+  data.tar.gz: 4b2813423eb666b5bf3a2f42671514b88e8035baaa6b8d7ef1025e58b2b380a3
 SHA512:
-  metadata.gz: 3c5fb71ca9a5a77ed64d0874bcff0e0d3d352ce42cdfaa0eacb90479acd30b59916c14c5977fd0220d98f5a9971490b1e62ed4e25b15f35146a722a53fe5303b
-  data.tar.gz: 98461a9c198d131731945238f4f2cb9008420ca75e807d7f7186b4f38b711aa9497dec22a391badddc73277f30a7cfcb037f4485a4f2315f403a843a58c6f5fb
+  metadata.gz: 4bf9f62b5f78ac6781a2d9cd5533eed4ac01921d42a4a7e27c35d47763f38505af0d58ef33644ab90609528d56a035635f8fa8e7cfb30adf5c0b1843291f60c4
+  data.tar.gz: 7ff0f2b12276cf321c23f9a83417ae4d53bd37266ae291d44c3889737ac0fb673f28b75a189bb16a168789e5708011a0bb039b92cb6b9289b80dddaed268cfcc

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.90.0, 14 January 2019
+
+- Python: Bump poetry from 0.12.10 to 0.12.11 in /python/helpers
+- Reorg dep
+
 ## v0.89.5, 13 January 2019
 
 - .NET: Handle wildcard requirements without any digits

data/lib/dependabot/file_fetchers.rb

@@ -2,14 +2,12 @@
 
 require "dependabot/file_fetchers/ruby/bundler"
 require "dependabot/file_fetchers/java_script/npm_and_yarn"
-require "dependabot/file_fetchers/go/dep"
 
 module Dependabot
   module FileFetchers
     @file_fetchers = {
       "bundler" => FileFetchers::Ruby::Bundler,
-      "npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn,
-      "dep" => FileFetchers::Go::Dep
+      "npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/file_parsers.rb

@@ -2,14 +2,12 @@
 
 require "dependabot/file_parsers/ruby/bundler"
 require "dependabot/file_parsers/java_script/npm_and_yarn"
-require "dependabot/file_parsers/go/dep"
 
 module Dependabot
   module FileParsers
     @file_parsers = {
       "bundler" => FileParsers::Ruby::Bundler,
-      "npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn,
-      "dep" => FileParsers::Go::Dep
+      "npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/file_updaters.rb

@@ -2,14 +2,12 @@
 
 require "dependabot/file_updaters/ruby/bundler"
 require "dependabot/file_updaters/java_script/npm_and_yarn"
-require "dependabot/file_updaters/go/dep"
 
 module Dependabot
   module FileUpdaters
     @file_updaters = {
       "bundler" => FileUpdaters::Ruby::Bundler,
-      "npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn,
-      "dep" => FileUpdaters::Go::Dep
+      "npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/metadata_finders.rb

@@ -2,14 +2,12 @@
 
 require "dependabot/metadata_finders/ruby/bundler"
 require "dependabot/metadata_finders/java_script/npm_and_yarn"
-require "dependabot/metadata_finders/go/dep"
 
 module Dependabot
   module MetadataFinders
     @metadata_finders = {
       "bundler" => MetadataFinders::Ruby::Bundler,
-      "npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn,
-      "dep" => MetadataFinders::Go::Dep
+      "npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/update_checkers.rb

@@ -2,14 +2,12 @@
 
 require "dependabot/update_checkers/ruby/bundler"
 require "dependabot/update_checkers/java_script/npm_and_yarn"
-require "dependabot/update_checkers/go/dep"
 
 module Dependabot
   module UpdateCheckers
     @update_checkers = {
       "bundler" => UpdateCheckers::Ruby::Bundler,
-      "npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn,
-      "dep" => UpdateCheckers::Go::Dep
+      "npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn
     }
 
     def self.for_package_manager(package_manager)

data/lib/dependabot/utils.rb

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
 
 require "dependabot/utils/java_script/version"
-require "dependabot/utils/go/version"
 
 require "dependabot/utils/java_script/requirement"
 require "dependabot/utils/ruby/requirement"
-require "dependabot/utils/go/requirement"
 
 # TODO: in due course, these "registries" should live in a wrapper gem, not
 #       dependabot-core.
@@ -15,8 +13,7 @@ module Dependabot
       "bundler" => Gem::Version,
       "submodules" => Gem::Version,
       "docker" => Gem::Version,
-      "npm_and_yarn" => Utils::JavaScript::Version,
-      "dep" => Utils::Go::Version
+      "npm_and_yarn" => Utils::JavaScript::Version
     }
 
     def self.version_class_for_package_manager(package_manager)
@@ -34,8 +31,7 @@ module Dependabot
       "bundler" => Utils::Ruby::Requirement,
       "submodules" => Utils::Ruby::Requirement,
       "docker" => Utils::Ruby::Requirement,
-      "npm_and_yarn" => Utils::JavaScript::Requirement,
-      "dep" => Utils::Go::Requirement
+      "npm_and_yarn" => Utils::JavaScript::Requirement
     }
 
     def self.requirement_class_for_package_manager(package_manager)

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.89.5"
+  VERSION = "0.90.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.89.5
+  version: 0.90.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-13 00:00:00.000000000 Z
+date: 2019-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -298,12 +298,6 @@ files:
 - CHANGELOG.md
 - LICENSE
 - README.md
-- helpers/go/Makefile
-- helpers/go/go.mod
-- helpers/go/go.sum
-- helpers/go/importresolver/go.mod
-- helpers/go/importresolver/main.go
-- helpers/go/main.go
 - helpers/npm/.eslintrc
 - helpers/npm/bin/run.js
 - helpers/npm/lib/helpers.js
@@ -354,7 +348,6 @@ files:
 - lib/dependabot/file_fetchers.rb
 - lib/dependabot/file_fetchers/README.md
 - lib/dependabot/file_fetchers/base.rb
-- lib/dependabot/file_fetchers/go/dep.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb
 - lib/dependabot/file_fetchers/ruby/bundler.rb
@@ -366,7 +359,6 @@ files:
 - lib/dependabot/file_parsers/README.md
 - lib/dependabot/file_parsers/base.rb
 - lib/dependabot/file_parsers/base/dependency_set.rb
-- lib/dependabot/file_parsers/go/dep.rb
 - lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_parsers/ruby/bundler.rb
 - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
@@ -374,9 +366,6 @@ files:
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
-- lib/dependabot/file_updaters/go/dep.rb
-- lib/dependabot/file_updaters/go/dep/lockfile_updater.rb
-- lib/dependabot/file_updaters/go/dep/manifest_updater.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb
@@ -400,7 +389,6 @@ files:
 - lib/dependabot/metadata_finders/base/changelog_pruner.rb
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
-- lib/dependabot/metadata_finders/go/dep.rb
 - lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb
 - lib/dependabot/metadata_finders/ruby/bundler.rb
 - lib/dependabot/pull_request_creator.rb
@@ -417,11 +405,6 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
-- lib/dependabot/update_checkers/go/dep.rb
-- lib/dependabot/update_checkers/go/dep/file_preparer.rb
-- lib/dependabot/update_checkers/go/dep/latest_version_finder.rb
-- lib/dependabot/update_checkers/go/dep/requirements_updater.rb
-- lib/dependabot/update_checkers/go/dep/version_resolver.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb
@@ -438,10 +421,6 @@ files:
 - lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb
 - lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
 - lib/dependabot/utils.rb
-- lib/dependabot/utils/go/path_converter.rb
-- lib/dependabot/utils/go/requirement.rb
-- lib/dependabot/utils/go/shared_helper.rb
-- lib/dependabot/utils/go/version.rb
 - lib/dependabot/utils/java_script/requirement.rb
 - lib/dependabot/utils/java_script/version.rb
 - lib/dependabot/utils/ruby/requirement.rb

data/helpers/go/Makefile

@@ -1,9 +0,0 @@
-.PHONY = all
-
-all: darwin linux
-
-darwin:
-	GO111MODULE=on GOOS=darwin GOARCH=amd64 go build -o go-helpers.darwin64 .
-
-linux:
-	GO111MODULE=on GOOS=linux GOARCH=amd64  go build -o go-helpers.linux64 .

data/helpers/go/go.mod

@@ -1,8 +0,0 @@
-module github.com/dependabot/dependabot-core/helpers/go
-
-require (
-	github.com/Masterminds/vcs v1.12.0
-	github.com/dependabot/dependabot-core/helpers/go/importresolver v0.0.0
-)
-
-replace github.com/dependabot/dependabot-core/helpers/go/importresolver => ./importresolver

data/helpers/go/go.sum

@@ -1,2 +0,0 @@
-github.com/Masterminds/vcs v1.12.0 h1:bt9Hb4XlfmEfLnVA0MVz2NO0GFuMN5vX8iOWW38Xde4=
-github.com/Masterminds/vcs v1.12.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=

data/helpers/go/importresolver/go.mod

@@ -1 +0,0 @@
-module github.com/dependabot/dependabot-core/helpers/go/importresolver

data/helpers/go/importresolver/main.go

@@ -1,34 +0,0 @@
-package importresolver
-
-import (
-	"io/ioutil"
-	"strings"
-
-	"github.com/Masterminds/vcs"
-)
-
-type Args struct {
-	Import string
-}
-
-func VCSRemoteForImport(args *Args) (interface{}, error) {
-	remote := args.Import
-	scheme := strings.Split(remote, ":")[0]
-	switch scheme {
-	case "http", "https":
-	default:
-		remote = "https://" + remote
-	}
-
-	local, err := ioutil.TempDir("", "unused-vcs-local-dir")
-	if err != nil {
-		return nil, err
-	}
-
-	repo, err := vcs.NewRepo(remote, local)
-	if err != nil {
-		return nil, err
-	}
-
-	return repo.Remote(), nil
-}

data/helpers/go/main.go

@@ -1,67 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"log"
-	"os"
-
-	"github.com/dependabot/dependabot-core/helpers/go/importresolver"
-)
-
-type HelperParams struct {
-	Function string          `json:"function"`
-	Args     json.RawMessage `json:"args"`
-}
-
-type Output struct {
-	Error  string      `json:"error,omitempty"`
-	Result interface{} `json:"result,omitempty"`
-}
-
-func main() {
-	d := json.NewDecoder(os.Stdin)
-	helperParams := &HelperParams{}
-	if err := d.Decode(helperParams); err != nil {
-		abort(err)
-	}
-
-	var (
-		funcOut interface{}
-		funcErr error
-	)
-	switch helperParams.Function {
-	case "getVcsRemoteForImport":
-		var args importresolver.Args
-		parseArgs(helperParams.Args, &args)
-		funcOut, funcErr = importresolver.VCSRemoteForImport(&args)
-	default:
-		abort(fmt.Errorf("Unrecognised function '%s'", helperParams.Function))
-	}
-
-	if funcErr != nil {
-		abort(funcErr)
-	}
-
-	output(&Output{Result: funcOut})
-}
-
-func parseArgs(data []byte, args interface{}) {
-	if err := json.Unmarshal(data, args); err != nil {
-		abort(err)
-	}
-}
-
-func output(o *Output) {
-	bytes, jsonErr := json.Marshal(o)
-	if jsonErr != nil {
-		log.Fatal(jsonErr)
-	}
-
-	os.Stdout.Write(bytes)
-}
-
-func abort(err error) {
-	output(&Output{Error: err.Error()})
-	os.Exit(1)
-}

data/lib/dependabot/file_fetchers/go/dep.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_fetchers/base"
-
-module Dependabot
-  module FileFetchers
-    module Go
-      class Dep < Dependabot::FileFetchers::Base
-        def self.required_files_in?(filenames)
-          (%w(Gopkg.toml Gopkg.lock) - filenames).empty?
-        end
-
-        def self.required_files_message
-          "Repo must contain a Gopkg.toml and Gopkg.lock."
-        end
-
-        private
-
-        def fetch_files
-          fetched_files = []
-          fetched_files << manifest if manifest
-          fetched_files << lockfile if lockfile
-
-          unless manifest
-            raise(
-              Dependabot::DependencyFileNotFound,
-              File.join(directory, "Gopkg.toml")
-            )
-          end
-
-          unless lockfile
-            raise(
-              Dependabot::DependencyFileNotFound,
-              File.join(directory, "Gopkg.lock")
-            )
-          end
-
-          # Fetch the main.go file if present, as this will later identify
-          # this repo as an app.
-          fetched_files << main if main
-          fetched_files
-        end
-
-        def manifest
-          @manifest ||= fetch_file_if_present("Gopkg.toml")
-        end
-
-        def lockfile
-          @lockfile ||= fetch_file_if_present("Gopkg.lock")
-        end
-
-        def main
-          return @main if @main
-
-          go_files = repo_contents.select { |f| f.name.end_with?(".go") }
-
-          go_files.each do |go_file|
-            file = fetch_file_from_host(go_file.name, type: "package_main")
-            next unless file.content.match?(/\s*package\s+main/)
-
-            return @main = file.tap { |f| f.support_file = true }
-          end
-
-          nil
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/go/dep.rb

@@ -1,188 +0,0 @@
-# frozen_string_literal: true
-
-require "toml-rb"
-
-require "dependabot/errors"
-require "dependabot/dependency"
-require "dependabot/shared_helpers"
-require "dependabot/source"
-
-require "dependabot/file_parsers/base"
-require "dependabot/utils/go/requirement"
-require "dependabot/utils/go/path_converter"
-
-# Relevant dep docs can be found at:
-# - https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# - https://github.com/golang/dep/blob/master/docs/Gopkg.lock.md
-module Dependabot
-  module FileParsers
-    module Go
-      class Dep < Dependabot::FileParsers::Base
-        require "dependabot/file_parsers/base/dependency_set"
-
-        REQUIREMENT_TYPES = %w(constraint override).freeze
-
-        def parse
-          dependency_set = DependencySet.new
-          dependency_set += manifest_dependencies
-          dependency_set += lockfile_dependencies
-          dependency_set.dependencies
-        end
-
-        private
-
-        def manifest_dependencies
-          dependency_set = DependencySet.new
-
-          REQUIREMENT_TYPES.each do |type|
-            parsed_file(manifest).fetch(type, []).each do |details|
-              next if lockfile && !appears_in_lockfile?(details.fetch("name"))
-              next if missing_version_in_manifest_and_lockfile(details)
-
-              dependency_set << Dependency.new(
-                name: details.fetch("name"),
-                version: version_from_declaration(details),
-                package_manager: "dep",
-                requirements: [{
-                  requirement: requirement_from_declaration(details),
-                  file: manifest.name,
-                  groups: [],
-                  source: source_from_declaration(details)
-                }]
-              )
-            end
-          end
-
-          dependency_set
-        end
-
-        def lockfile_dependencies
-          dependency_set = DependencySet.new
-
-          parsed_file(lockfile).fetch("projects", []).each do |details|
-            dependency_set << Dependency.new(
-              name: details.fetch("name"),
-              version: version_from_lockfile(details),
-              package_manager: "dep",
-              requirements: []
-            )
-          end
-
-          dependency_set
-        end
-
-        def version_from_lockfile(details)
-          details["version"]&.sub(/^v?/, "") || details.fetch("revision")
-        end
-
-        def requirement_from_declaration(declaration)
-          unless declaration.is_a?(Hash)
-            raise "Unexpected dependency declaration: #{declaration}"
-          end
-
-          return if git_declaration?(declaration)
-
-          declaration["version"]
-        end
-
-        def source_from_declaration(declaration)
-          source = declaration["source"] || declaration["name"]
-
-          git_source_url = git_source(source)
-
-          if git_source_url && git_declaration?(declaration)
-            {
-              type: "git",
-              url: git_source_url,
-              branch: declaration["branch"],
-              ref: declaration["revision"] || declaration["version"]
-            }
-          elsif git_declaration?(declaration)
-            raise "No git source for a git declaration!"
-          else
-            {
-              type: "default",
-              source: source
-            }
-          end
-        end
-
-        def version_from_declaration(declaration)
-          lockfile_details =
-            parsed_file(lockfile).fetch("projects", []).
-            find { |details| details["name"] == declaration.fetch("name") }
-
-          if source_from_declaration(declaration).fetch(:type) == "git"
-            lockfile_details["revision"] ||
-              version_from_lockfile(lockfile_details)
-          else
-            version_from_lockfile(lockfile_details)
-          end
-        end
-
-        def appears_in_lockfile?(dependency_name)
-          parsed_file(lockfile).fetch("projects", []).
-            any? { |details| details["name"] == dependency_name }
-        end
-
-        def git_declaration?(declaration)
-          return true if declaration["branch"] || declaration["revision"]
-          return false unless declaration["version"]
-          return false unless declaration["version"].match?(/^[A-Za-z0-9]/)
-
-          Utils::Go::Requirement.new(declaration["version"])
-          false
-        rescue Gem::Requirement::BadRequirementError
-          true
-        end
-
-        def git_source(path)
-          Dependabot::Utils::Go::PathConverter.git_url_for_path(path)
-        rescue Dependabot::SharedHelpers::HelperSubprocessFailed => error
-          if error.message == "Cannot detect VCS"
-            msg = error.message + " for #{path}"
-            raise Dependabot::DependencyFileNotResolvable, msg
-          end
-
-          if error.message.end_with?("Not Found")
-            msg = "#{path} returned a 404"
-            raise Dependabot::DependencyFileNotResolvable, msg
-          end
-
-          raise
-        end
-
-        def parsed_file(file)
-          @parsed_file ||= {}
-          @parsed_file[file.name] ||= TomlRB.parse(file.content)
-        rescue TomlRB::ParseError
-          raise Dependabot::DependencyFileNotParseable, file.path
-        end
-
-        def manifest
-          @manifest ||= get_original_file("Gopkg.toml")
-        end
-
-        def lockfile
-          @lockfile ||= get_original_file("Gopkg.lock")
-        end
-
-        def check_required_files
-          %w(Gopkg.toml Gopkg.lock).each do |filename|
-            raise "No #{filename}!" unless get_original_file(filename)
-          end
-        end
-
-        def missing_version_in_manifest_and_lockfile(declaration)
-          return false if git_declaration?(declaration)
-
-          lockfile_decl =
-            parsed_file(lockfile).
-            fetch("projects", []).
-            find { |details| details["name"] == declaration["name"] }
-          lockfile_decl&.fetch("version", nil).nil?
-        end
-      end
-    end
-  end
-end